WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Strange network problem (Etch)

from [Geoff Kirk] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Strange network problem (Etch)
From: Geoff Kirk <geoff.k@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 04 Oct 2007 16:22:00 +0100
Delivery-date: Thu, 04 Oct 2007 08:22:53 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20071004150642.GB7822@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <20071004114105.GF19106@xxxxxxxxxxxx> <20071004141832.GB21635@xxxxxxxxxxxx> <20071004150642.GB7822@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.4 (X11/20070604)
Let me try to explain what i did recently to setup some domU's behind a domU acting as a gateway between 2 bridges to play with shorewall. 

Using the scripts here

http://renial.net/weblog/2007/02/27/xen-vlan/
i put them in /etc/xen/scripts and edited /etc/xen/scripts/network-multi-vlan to look like 

dir=$(dirname "$0")
"$dir/network-bridge" "$@" vifnum=0
"$dir/network-bridge-vlan" "$@" vlan=2

brctl show then gives
bridge name     bridge id               STP enabled     interfaces
vlanbr2         8000.feffffffffff       no              eth0.2
xenbr0          8000.feffffffffff       no              vif0.0
                                                       peth0
I then setup a domU to act as a gateway between xenbr0 and vlanbr2 in domU config like this
vif = [ 'mac=00:16:3E:00:00:26, bridge=xenbr0, vifname=gateway.0','mac=00:16:3E:00:02:10, bridge=vlanbr2, vifname=gateway.1' ] 

and created a couple of other domU's on vlanbr2. To give this.

vlanbr2         8000.feffffffffff       no              eth0.2
                                                       gateway.1
                                                       dom1.0
                                                       dom2.0
xenbr0          8000.feffffffffff       no              vif0.0
                                                       peth0
                                                       gateway.0
At this point i found an issue that anyone on my physical lan could ping anything on vlanbr0 simply by creating a vlan on the same network. Which i found by removing eth0.2 from vlanbr2 with "brctl delif vlanbr2 eth0.2" made them unreachable from anything not on the bridge and now all traffic going to the vlanbr2 bridge has to be port forwarded through the gateway domU. Enabling ip forwarding of course and NAT on the out going interface. Don't forget also domU's on the bridge will need to know the gateway address to get outside eg. 

route add default gw 10.0.0.1 dev eth0

regards
Geoff

Jens Seidel wrote:

On Thu, Oct 04, 2007 at 04:18:33PM +0200, Heikki Levanto wrote:

I have not solved this problem yet, but I found out that the vif-nat way
of doing things nicely sidestpes the problem, so suddenly it is not
nearly as pressing.


I had very similar network problems using Xen 3.1 (my dom0 network did
no longer worked). In Xen 3.0.3 my dom0 network worked well but I had
trouble getting an ethernet device in a domU.

Using vif-nat is also my solution ...

Jens

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Strange network problem (Etch), Jens Seidel
Next by Date:  Re: [Xen-users] Configuring a local bridge, Heikki Levanto
Previous by Thread:  Re: [Xen-users] Strange network problem (Etch), Jens Seidel
Next by Thread:  [Xen-users] Configuring a local bridge, Heikki Levanto
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy